DETAILED ACTION

Applicant amends claims 1 and 11. Claims 1-21 are presented for examination.
Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this
application is eligible for continued examination under 37 CFR 1.114, and the fee set
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 30 
December 2009 has been entered. 

Response to Arguments 

Applicant's arguments with respect to claims 1-21 have been considered but are 
moot in view of the new grounds of rejection. However, the Examiner will address 
issues raised by the amendments and Applicant. 

The Examiner notes Applicant presents claim 9 as "Currently Amended," 
however, no such amendments appear evident in the claim. The Examiner assumes 
the currently presented claim 9 should be labeled as, e.g., "Previously Presented." 

1. Applicant argues on page 9 of Remarks:

"Assignee also disagrees with certain other rejections of the current office 
action. For example, claim 3 requires that the domain controller 
determines whether an entity has a trust relationship with a domain based 
on whether the entity is within the same domain as the asset the entity is
seeking to affect. As described throughout the application at issue, 
including at paragraph [0106], in some configurations, each member of a 
domain is trusted and has access to assets within that domain. In rejecting 
claim 3, the office action cites to FIG. 2 of Paatero and paragraphs [0031]- 
[0032]. As discussed above, these portions of Paatero describe receiving 
role certificates that describe actions that can be performed by different 
entities. There is no determination of whether an entity seeking to affect 
an asset and the asset sought to be affected are within the same domain." 

The Examiner disagrees as Paatero (U.S. Pat App Pub 2003/0163685 A1),
hereinafter referred to as Paatero, teaches in ¶31-¶32, verifying identification
information related to a communicating third party and matching the communicating
party with a supplied credential, e.g. a certificate which contains a public key. ¶33 goes
on to say "with respect to identifying third parties in the role certificate, this can be done
by storing a public key of the third party in the certificate and later determining if the
received public key from the third party matches that within the certificate."

Ergo, establishes the concept of, at least, a trust relation with the domain that 
includes the at least one affected asset. 

The fact that the Examiner may not have specifically responded to any particular
arguments made by Applicant and Applicant's Representative, should not be construed 
as indicating Examiner's agreement therewith. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Audebert et al (U.S. Pat App Pub 2003/0005317 A1), hereinafter referred to as 
Audebert, in view of Paatero (U.S. Pat App Pub 2003/0163685 A1), hereinafter referred 
to as Paatero, in further view of Tabbara et al (U.S. Pat 6886038 B1), hereinafter
referred to as Tabbara. 

Re claim 1 : Audebert teaches a plurality of domains [Fig 1, elts 45, 50, 55 & 60]
residing on a wireless mobile communication device [Fig 1] (¶1-¶2; ¶32), at least one
domain including a plurality of different types of assets [Fig 1, elts 5, 10, 15, 20, 40 &
95] of the wireless mobile communication device (¶32).

While Audebert discloses different types of assets (Fig 1, elts 5, 10, 15, 20, 40 &
95), Audebert does not expressly disclose the different types of assets within a domain 
requiring a common level of trust to access; and a domain controller, on the mobile 
device, for controlling access to the different types of assets that require a common 
level of trust to access within a domain configured to receive a request to perform an
operation affecting at least one of the assets. 

Yet, in an analogous art, Paatero teaches the different assets [Fig 1, elt
16'] within a domain [Fig 1, elt 16] requiring a common level of trust to access (¶16;
¶22; ¶27); and a domain controller (Fig 1, elt 14), on the mobile device (Fig 1, elt 10:
¶20, lines 1-2), for controlling access to the different assets that require a common level
of trust to access within a domain configured to receive a request to perform an
operation affecting at least one of the assets (Fig 2, elts 36 & 42: ¶31-¶32).

Paatero further teaches: determine whether the request originated with an entity
that has a trust relationship with the domain that includes the at least one affected asset
(Fig 2, elts 36 & 42: ¶31-¶33), and to permit completion of the operation if the request
originated with an entity that has a trust relationship with the domain that includes the at
least one affected asset; wherein completion of the operation is not permitted if the
request originated with an entity that does not have a trust relationship with the domain
that includes the at least one affected asset (Fig 2, elts 36 & 42: ¶34-¶35).

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified the teachings of Audebert with the teachings of 
Paatero, for the purpose of protecting site specific credentials on a portable device after 
the serving device has been authenticated to prevent tampering or misdirection via 
unsecured servers. 

While the combination of Audebert and Paatero teaches a domain controller, the
combination does not expressly disclose a domain controller configured to control the 
plurality of domains. 

Tabbara teaches a domain controller configured to control the plurality of 
domains (col 12, lines 7-40; col 13, lines 51-62; col 15, lines 33-40). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified the teachings of Audebert and Paatero with the 
teachings of Tabbara, for the purpose of protecting access to secure data, particularly 
cryptographic keys. 

Re claim 11 : Claim 11 is rejected under similar grounds as those stated in claim
1. Claim 11 incorporates all the limitations provided in claim 1.

Re claim 2 : The combination of Audebert, Paatero and Tabbara teaches a key
store [Fig 1: see Private and Public keys associated with the plurality of domains] for
storing cryptographic keys associated with the domain [Audebert: Fig 1, elts 45, 50, 55
& 60; Paatero: Fig 1, elt 16'] that includes the at least one affected asset (Audebert:
¶32; Paatero: Fig 1, elt 16'), wherein the domain controller is configured to determine
whether the request originated with an entity that has a trust relationship with the
domain using the cryptographic keys (Paatero: Fig 2, elts 36, 38, 40, 42, 44 & 46:
¶31-¶32).

Re claims 3, 12 and 13 : The combination of Audebert, Paatero and Tabbara
teaches the domain controller is configured to determine whether the request originated
with the entity that has a trust relationship with the domain that includes the at least one
affected asset by determining whether the domain that includes the at least one affected
asset also includes the entity (Paatero: Fig 2, elts 36, 38, 40, 42, 44 & 46: ¶31-¶32).

Re claim 4 : The combination of Audebert, Paatero and Tabbara teaches at least 
one domain further includes as an asset a software application for which the domain 
controller permits completion of the operation upon the software application (Paatero: 
Fig 2, elts 36, 38, 40, 42, 44 & 46: ¶31-¶32) if the request originated with an entity that
has a trust relationship with the at least one domain that includes as an asset the 
software application; wherein completion of the operation is not permitted if the request 
originated with an entity that does not have a trust relationship with the at least one 
domain that includes the software application as an asset (Paatero: Fig 2, elts 36 & 42: 
¶34-¶35).

Re claim 5 : The combination of Audebert, Paatero and Tabbara teaches at least 
one of the domains comprises a plurality of domains, and wherein the wireless mobile 
communication device further comprises a super user software application that has a 
trust relationship with more than one of the plurality of domains (Paatero: ¶23; ¶27, lines
16-20). 

Re claim 6 : The combination of Audebert, Paatero and Tabbara teaches each of 
the more than one of the plurality of domains includes the super user software 
application (Paatero: ¶23; ¶27, lines 16-20; ¶37).

Re claims 7 and 15 : The combination of Audebert, Paatero and Tabbara teaches 
the domain controller is further configured to receive information, and to place the 
information into a domain (Audebert: ¶4).

Re claim 8 : The combination of Audebert, Paatero and Tabbara teaches the at
least one asset is selected from the group consisting of: communication pipes,
persistent data, properties, and software applications (Audebert: ¶2; ¶10).

Re claims 9 and 18 : The combination of Audebert, Paatero and Tabbara teaches 
a data store for storing properties, wherein the domain controller is further configured to
determine whether the operation is permitted by properties in the data store, and to
permit completion of the operation where the operation is permitted by the properties in
the data store; wherein completion of the operation is not permitted if the operation is
not permitted by the properties in the data store (Paatero: Fig 2, elts 36 & 42: ¶34-¶35).

Re claim 10 : The combination of Audebert, Paatero and Tabbara teaches each 
property is global, domain-specific, or specific to a particular software application on the 
wireless mobile communication device (Audebert: ¶2-¶3; Paatero: Fig 2, elts 36 & 42:
¶34-¶35).

Re claim 14 : The combination of Audebert, Paatero and Tabbara teaches the 
request originates from a software application and wherein the step of determining 
whether the request originated with an entity that has a trust relationship with the 
domain that includes the at least one affected asset comprises the step of verifying a
digital signature of the software application using a cryptographic key associated with
the domain (Paatero: Fig 2, elts 34, 36, 38, 42 & 44: ¶34-¶35).

Re claim 16 : The combination of Audebert, Paatero and Tabbara teaches the 
step of associating comprises the step of determining with which domains the 
information is to be associated in accordance with domain policies (Paatero: Fig 2, elt
42; P2; p4). 

Re claim 17 : The combination of Audebert, Paatero and Tabbara teaches the 
domain policies specify that information is to be associated with domains based on one 
or more of: a source of the information, an indicator of a domain in the information, a 
communication pipe over which the information is received, a digital signature of the 
information, an access list describing allowed domain information, and an input from a 
user of the wireless mobile communication device (Paatero: Fig 2, elts 34, 36, 38, 42 & 
44: ¶34-¶35).

Re claim 19 : The combination of Audebert, Paatero and Tabbara teaches the 
step of determining whether the operation is permitted by properties stored at the 
wireless mobile communication device comprises the step of checking global properties
for the wireless mobile communication device and domain properties for the domain that
includes the at least one affected asset (Audebert: ¶33; ¶35; Paatero: Fig 2, elts 36 &
42).

Re claim 20 : The combination of Audebert, Paatero and Tabbara teaches the 
request originates from a software application, and wherein the step of determining 
whether the operation is permitted by properties stored at the wireless mobile 
communication device further comprises the step of checking application properties for 
the software application (Paatero: Fig 1, elt 10; ¶20; Fig 2, elts 36 & 42).

Re claim 21 : The combination of Audebert, Paatero and Tabbara teaches 
wherein one domain includes at least two different assets selected from the group of 
assets consisting of: communication pipes, persistent data, properties, and software
applications (Audebert: Fig 1; P; ¶10; Paatero: Fig 1, elts 16 & 16').

Conclusion 

Examiner's Note: Examiner has cited particular columns and line numbers in the 
references applied to the claims above for the convenience of the applicant. Although 
the specified citations are representative of the teachings of the art and are applied to 
specific limitations within the individual claim, other passages and figures may apply as 
well. It is respectfully requested from the applicant in preparing responses to fully 
consider the references in entirety as potentially teaching all or part of the claimed 
invention, as well as the text of the passage taught by the prior art or disclosed by the 
examiner. 

In the case of amending the claimed invention, Applicant is respectfully 
requested to indicate the portion(s) of the specification which dictate(s) the structure 
relied on for proper interpretation and also to verify and ascertain the metes and bounds 
of the claimed invention. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DARREN SCHWARTZ whose telephone number is 
(571)270-3850. The examiner can normally be reached on 7am-4pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Kim Vu can be reached on (571)272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/D. S./

Examiner, Art Unit 2435 
/Kimyen Vu/ 

Supervisory Patent Examiner, Art Unit 2435 



